i have been noticing a short connection burst in system monitor every time i connect to internet.

i got curious and decided to run wireshark to see what was happening.

seems that i am connecting to 96.195.141.178 with destination of "PartedMagic".

this seemed strange because i do not have PartedMagic installed, so i ran a 'whois' check.

this is what it showed:

  IP Location United States United States Pittsburgh
  Comcast Cable Communications Llc
  ASN United States AS7922 COMCAST-7922
  - Comcast Cable Communications, Inc.,US
  (registered Feb 14, 1997)
  Resolve Host m001dd684d074.pitt1.pa.comcast.net
  Whois Server whois.arin.net
  IP Address 96.195.141.178
  NetRange: 96.192.0.0 - 96.223.255.255
  CIDR: 96.192.0.0/11
  NetName: COMCAST-VOIP-4
  NetHandle: NET-96-192-0-0-1
  Parent: NET96 (NET-96-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Comcast Cable Communications, LLC (CCCS)

is this something for concern?

if so, what is/are best way/s to track this down?

any and all help / suggestions are much needed and appreciated.

thank you.

--
peace out.
in a world with out fences, who needs gates.
tc,hago.
g
.
On Wed, Dec 3, 2014 at 5:49 AM, g <geleem at bellsouth.net> wrote:

> i have been noticing a short connection burst in system monitor every
> time i connect to internet.
>
> i got curious and decided to run wireshark to see what was happening.
>
> seems that i am connecting to 96.195.141.178 with destination of
> "PartedMagic".
>
> this seemed strange because i do not have PartedMagic installed, so
> i ran a 'whois' check.
> this is what it showed:
>
> IP Location United States United States Pittsburgh
> Comcast Cable Communications Llc
> ASN United States AS7922 COMCAST-7922
> - Comcast Cable Communications, Inc.,US
> (registered Feb 14, 1997)
> Resolve Host m001dd684d074.pitt1.pa.comcast.net
> Whois Server whois.arin.net
> IP Address 96.195.141.178
> NetRange: 96.192.0.0 - 96.223.255.255
> CIDR: 96.192.0.0/11
> NetName: COMCAST-VOIP-4
> NetHandle: NET-96-192-0-0-1
> Parent: NET96 (NET-96-0-0-0-0)
> NetType: Direct Allocation
> OriginAS:
> Organization: Comcast Cable Communications, LLC (CCCS)
>
> is this something for concern?
>

Maybe.
A bit odd since that's assigned as Comcast VOIP and not a static customer block.

>
> if so, what is/are best way/s to track this down?
>

I'd dump the traffic with tcpdump or wireshark and analyze it.

What type of traffic is it?
(transport layer protocol, as well as application protocol -- ex: HTTP is TCP port 80)

Are there any DNS queries that happen prior to the spike?
Use wireshark to capture them and that might give a clue.

You could also use nethogs to diagnose and determine what program is causing the spike.
http://nethogs.sourceforge.net/

--
---~~.~~---
Mike
// SilverTip257 //
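
The DNS check suggested in the reply above, as an added example that is not part of the original thread: it pairs each outbound TCP SYN with the DNS name the address was resolved from, so connections made to a bare IP with no preceding lookup stand out. The capture lines are constructed in the style of `tcpdump -n` text output, and the function name and documentation-range addresses are assumptions.

```python
import re

# Constructed sample in the style of `tcpdump -n` text output
# (documentation addresses; not taken from the thread's paste).
SAMPLE = """\
12:00:01.100000 IP 192.168.1.144.53211 > 192.168.1.1.53: 4242+ A? updates.example.net. (37)
12:00:01.130000 IP 192.168.1.1.53 > 192.168.1.144.53211: 4242 1/0/0 A 203.0.113.10 (53)
12:00:01.180000 IP 192.168.1.144.40112 > 203.0.113.10.443: Flags [S], seq 1001, win 29200, length 0
12:00:01.210000 IP 203.0.113.10.443 > 192.168.1.144.40112: Flags [S.], seq 5001, ack 1002, win 28960, length 0
12:00:02.400000 IP 192.168.1.144.40113 > 198.51.100.7.5060: Flags [S], seq 2001, win 29200, length 0
"""

# DNS query sent to port 53: transaction id, then the name asked for.
QUERY = re.compile(r"^\S+ IP \S+ > \S+\.53: (\d+)\+ A\? (\S+) \(\d+\)$")
# DNS response from port 53: transaction id, record counts, answer section.
ANSWER = re.compile(r"^\S+ IP \S+\.53 > \S+: (\d+)\S* \d+/\d+/\d+ (.*) \(\d+\)$")
A_RECORD = re.compile(r"\bA (\d+\.\d+\.\d+\.\d+)")
# Pure SYN only ([S]); the SYN-ACK reply ([S.]) is deliberately not matched.
SYN = re.compile(r"^\S+ IP \S+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]")


def attribute_connections(capture_text):
    """Return (dst_ip, dst_port, dns_name_or_None) for every outbound SYN."""
    pending = {}   # DNS transaction id -> queried name
    resolved = {}  # IPv4 address -> name it was resolved from
    findings = []
    for line in capture_text.splitlines():
        if m := QUERY.match(line):
            pending[m.group(1)] = m.group(2).rstrip(".")
        elif m := ANSWER.match(line):
            name = pending.get(m.group(1))
            for ip in A_RECORD.findall(m.group(2)):
                resolved[ip] = name
        elif m := SYN.match(line):
            dst, port = m.group(1), int(m.group(2))
            # None means no lookup was seen first: the address came from
            # somewhere other than DNS (cache, config, or hard-coded).
            findings.append((dst, port, resolved.get(dst)))
    return findings


if __name__ == "__main__":
    for dst, port, name in attribute_connections(SAMPLE):
        print(f"{dst}:{port}  <-  {name or 'no DNS lookup seen'}")
```
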
On 12/03/2014 11:12 AM, SilverTip257 wrote:
<>
> Maybe.
> A bit odd since that's assigned as Comcast VOIP and not a
> static customer block.

this is true.

> I'd dump the traffic with tcpdump or wireshark and analyze it.

i have a text file saved. see below

which "save as" form should be used to reload into wireshark without loss of information?

> What type of traffic is it?
> (transport layer protocol, as well as application protocol
> -- ex: HTTP is TCP port 80)

see below.

> Are there any DNS queries that happen prior to the spike?
> Use wireshark to capture them and that might give a clue.

see below.

> You could also use nethogs to diagnose and determine what program is
> causing the spike.
> http://nethogs.sourceforge.net/

will have to install.

*BELOW*

i should have done this before posting. :-(

i loaded wireshark text file to:

http://pastebin.com/rCU0CC10

--
peace out.
in a world with out fences, who needs gates.
tc,hago.
g
.
On 12/03/2014 04:49 AM, g wrote:
<>

my bad. :-(

to SilverT257 and Mark Mihollan, thank you for responding.

my "chemo brain" gets forgetful.

i am taking system offline after sending this and will run wireshark again to see if there is anything different.

thanks again.

--
peace out.
in a world with out fences, who needs gates.
tc,hago.
g
.
new paste at;

http://pastebin.com/rCU0CC10

hopeful this will give better info and answers.

thanks again to respondents.

--
peace out.
in a world with out fences, who needs gates.
tc,hago.
g
.
On 12/3/2014 1:53 PM, g wrote:

> new paste at;
>
> http://pastebin.com/rCU0CC10
>
> hopeful this will give better info and answers.
>
> thanks again to respondents.

again, wireshark is, for some unknown reason, calling that 00:0f:fe:8f:8f:23 MAC address "PartedMagic", this MAC is associated with the IP 192.168.1.144

other than wireshark's odd name for this host, I see nothing wrong here. Does in fact the system with that IP have that MAC? if so, everything is normal, that system is apparently connecting to https://secure.informaction.com

--
john r pierce 37N 122W
somewhere on the middle of the left coast